The invention relates to a method as well as an arrangement for controlling a user's access to a service made available in a data network, or to information stored in a user database in the general sense, which in particular should also be understood as data stored in prepaid and/or credit-card systems.
In conventional access-control systems such as are employed in data networks, identification and/or authentication means of the knowledge-based type are employed in order to fulfill the security demands. In particular, for decades password-based or PIN-based identification/authentication sequences have been known and in general use. Where sensitivity to spying or misuse is involved, for example in home-banking applications, additional specialized security measures such as the provision and obligatory employment of individual transaction codes, or TANs, are also known and widely used. Such supplementary security-enhancing sequences are knowledge-based and hence entail the typical disadvantages of all knowledge-based systems, i.e. on one hand problems associated with the loss of relevant information by the authorized user, and on the other hand risks arising when an unauthorized user gains access to such information.
Therefore in recent years considerable effort has been made to incorporate other types of identification/authentication sequences into the security mechanisms of data networks. Particularly common approaches are to add “possession-based” mechanisms (tokens) and/or “being-based” (biometry-based) mechanisms to the familiar knowledge-based mechanisms. For example, the biometric authentication sequences used in automated teller machines, which are based on fingerprint or retina recognition, have been proposed for controlling access to bank accounts. Furthermore, the fingerprint-based access-control devices which are now commonly used by notebooks and other PCs have been mentioned as a special way to control access to data networks.
Recently voice-based authentication solutions have already been introduced by some firms as a special type of biometry-based identification/authentication, as a supplement to their internal knowledge-based access-control mechanisms.
In the case of internet- and mobile-phone-based services and activities, in particular on internet marketplaces such as Ebay or in financial transaction systems on the internet such as PayPal, as the number of users worldwide rapidly rises, the number of fraudulent attacks is also increasing significantly. The probability of a successful invasion of accounts within a worldwide internet-based service with millions of users is much higher than that of phishing attacks on local banks.
Meanwhile, system providers such as PayPal and Ebay have responded to the growing number of attacks, in that they have introduced a hardware token as second level of security for user accounts. Recently developed solutions of this kind are based on the idea that an individual security code which is generated periodically can protect the user from fraudulent misuse of a personal account.
These recently developed mechanisms unfortunately present additional costs that must be borne by the provider and/or the user, and also suffer from the typical disadvantages of possession-based identification/authentication means.
The applicant's patent DE 10 2007 014 885 A1 is concerned with making available an improved means of controlling access to data networks that is relatively easy to implement and also attractive regarding expense; the applicant has also added to the patent other improved access-control procedures in various usage contexts.
Authentication and access-control systems based on the special characteristics of the human voice and speech encounter the fundamental problem that they can be defrauded to a certain extent by previously prepared recordings of speech samples. So-called challenge-response procedures counteract this in an authentication situation by stochastically selecting previously specified speech samples from a reservoir: during each authentication procedure, the number and sequence of the speech samples to be currently input are determined for the first time during this actual authentication. In practice, this makes it considerably more difficult to defraud the access-control system, but fraudulence cannot be excluded insofar as the defrauder has available a recording of the entire “pool” of speech samples used for training in an initialization phase, and succeeds in responding rapidly enough to the requests made by the user guidance system. Here it should be noted that in practice, for reasons of user acceptance, the reservoir or “pool” of speech samples used during initialization or training is quite small.
Therefore in the context of voice-profile-based access-control systems, as well, it has recently been considered useful to employ not only current speech samples but also supplementary authentication means to obtain a “secure” authentication of a user who is requesting access (the applicant's unpublished German patent application No. 10 2007 033 812.2). However, users tend to find these additional authentication means annoying, which could impair the basically high degree of user acceptance of these systems.